Robie - I believe it's an inconsistency between upstream source docs and behaviour. However, upstream docs align with Ubuntu (and presumably other distro) docs and are _not_ consistent with the current behaviour.
The distro man pages and the online docs at https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/Tools/certutil (Sept 2014) do not agree with the current behaviour and the later online docs at https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil (Sept 2015). Therefore, the source man page needs to be updated to align with the latter 2015 online docs. As I understand it, the relevant -t trustargs arguments are: p - mark the trustargs settings as authoritative, but don't flag the certificate as a CA. This makes the certificate explicitly distrusted as a CA as per the Sept 2015 online docs. c - mark the trustargs settings as authoritative and also flag the certificate as a CA. I.e trusted. 'T' and 'C' also set 'c' So, bottom line is to raise an upstream bug to align the source code man page with the online (Sept 2015) docs and current behaviour as there doesn't seem to be one currently - https://bugzilla.mozilla.org/buglist.cgi?quicksearch=certutil+trustargs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1586538 Title: certutils from libnss3-tools - man page contradicts Mozilla's To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1586538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
